ISSUE-139

Clarify UX of CoSL

State:
CLOSED
Product:
wsc-xit-past-062008
Raised by:
Mary Ellen Zurko
Opened on:
2007-12-14
Description:
6.1.2

"During interactions with a Web page for which any of the resources involved was retrieved through a weakly TLS-protected transaction, the identity signal must be indistinguishable from one that would be shown for an unprotected HTTP transaction, unless a change of security level has occured."

This seems to be the first place in the document that implies anything about what "change of security level" (CoSL) should/must be like from a user experience (UX). And the implication is, at the least, that it is _not_ the same as the UX for weakly TLS-protected web pages. We need to be more explicit about the UX for CoSL; at least about this level assumption. A straw-cat crack at it would be adding the following to 5.5:

A web user agent that displays any security context information in primary user interface MUST display a different form of security context information for change of security level and weakly TLS-protected transactions.
Related Actions Items:
No related actions
Related emails:
  1. ISSUE-139: Clarify UX of CoSL [wsc-xit] (from sysbot+tracker@w3.org on 2007-12-14)

Related notes:

Added to xit as open issue under section 6.1.2

Anil Saldhana, 21 Jan 2008, 22:14:03

Display change log ATOM feed


Mary Ellen Zurko <mzurko@us.ibm.com>, Chair, Thomas Roessler <tlr@w3.org>, Staff Contact
Tracker (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 139.html,v 1.1 2010/10/11 09:35:06 dom Exp $